CVE-2012-4485
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter.
Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función galleryformatter_field_formatter_view en galleryformatter.tpl.php en el módulo Gallery formatter antes de v7.x-1.2 para Drupal permite a usuarios autenticados remotamente con permisos para crear un nodo o entidad inyectar secuencias de comandos web o HTML a través del parámetro (1) title o (2) alt.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-21 CVE Reserved
- 2012-10-31 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/10/07/1 | Mailing List |
|
| http://www.securityfocus.com/bid/54674 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://drupalcode.org/project/galleryformatter.git/commitdiff/b0392a1 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1699744 | 2013-07-20 |
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1700578 | 2013-07-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | <= 7.x-1.1 Search vendor "Manuel Garcia" for product "Galleryformatter" and version " <= 7.x-1.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 6.x-1.0 Search vendor "Manuel Garcia" for product "Galleryformatter" and version "6.x-1.0" | rc1 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 6.x-1.0 Search vendor "Manuel Garcia" for product "Galleryformatter" and version "6.x-1.0" | rc2 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 6.x-1.0 Search vendor "Manuel Garcia" for product "Galleryformatter" and version "6.x-1.0" | rc3 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 6.x-1.0 Search vendor "Manuel Garcia" for product "Galleryformatter" and version "6.x-1.0" | rc4 |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 6.x-1.x Search vendor "Manuel Garcia" for product "Galleryformatter" and version "6.x-1.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 7.x-1.0 Search vendor "Manuel Garcia" for product "Galleryformatter" and version "7.x-1.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Manuel Garcia Search vendor "Manuel Garcia" | Galleryformatter Search vendor "Manuel Garcia" for product "Galleryformatter" | 7.x-1.x Search vendor "Manuel Garcia" for product "Galleryformatter" and version "7.x-1.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|